Skip to main content
QuantLab Logo

Free guides, checklists, and playbooks.

The same internal playbooks, scoping checklists, and decision frameworks we use on QUANT LAB engagements — packaged for founders, CTOs, and operations leaders making the next call on custom software, security, payments, or CRM. Every resource is written to be useful even before you talk to us. If they help, the next step is a 20-minute scoping conversation.

One-click PDF download
15-90 minute reads
No paywall, just an email

What free resources does QUANT LAB USA publish?

QUANT LAB USA publishes six free downloadable resources: the Build-vs-Buy Decision Playbook (25 pages), the OWASP-aligned Web App Pentest Checklist (80 items), the 6-Week Custom CRM Rollout Playbook (30 pages plus templates), MVP to Production Tech Playbook (35 pages), the Stripe Integration Checklist, and the MITRE ATT&CK Maturity Worksheet. Each targets a specific decision-maker (CTO, COO, Security Lead, Founder) and a specific decision. One-click PDF download, no paywall, just an email.

Six resources, six decisions.

Each guide targets a specific situation and a specific decision-maker. Pick the one that matches what is on your plate this quarter. If you are juggling more than one, skim the description on each card and start with the one that costs the most to get wrong.

25-page PDF playbook

The Custom Software Build-vs-Buy Decision Playbook

A 25-page playbook with 7 decision frameworks, a 5-year TCO worksheet, and a CFO memo template — for ops leaders losing the build-vs-buy argument.

For COOs, VPs of Operations, RevOps

Get the resource

80-item PDF checklist

The Web App Pentest Checklist (OWASP-aligned)

An 80-item OWASP-aligned checklist for CTOs and security leads scoping a web app pentest for SOC 2, PCI, or a customer security questionnaire.

For CTOs, Security Leads, vCISOs

Get the resource

30-page PDF + templates

The 6-Week Custom CRM Rollout Playbook

A 30-page playbook with week-by-week tasks, data-migration templates, and a stakeholder communications kit for ops leaders rolling out a new CRM.

For RevOps, VPs of Sales, Operations Leaders

Get the resource

35-page PDF playbook

MVP to Production: The Founder's Tech Playbook

A 35-page playbook on hosting, auth, payments, observability, and analytics decisions for technical founders shipping past product-market fit.

For Founders, CTOs, Technical Co-founders

Get the resource

Pre-launch PDF checklist

The Stripe Integration Checklist

A pre-launch PDF checklist covering dunning, SCA, webhook resilience, idempotency, and reconciliation — for SaaS teams shipping custom payment flows.

For SaaS Founders, Heads of Engineering

Get the resource

Worksheet (PDF)

MITRE ATT&CK Maturity Worksheet

A self-assessment worksheet aligning your organization's defenses to the 14 ATT&CK Enterprise tactics — with scoring, quick wins, and a board-ready summary.

For Security Leads, IT Managers, vCISOs

Get the resource

Why we publish these

Founders and operations leaders almost never call us cold. They call us after they have lost two months to a SaaS vendor that refuses to fix a workflow bug, after a SOC 2 auditor asked them what their pentest scope was and they did not know how to answer, after a Stripe webhook silently dropped a $40,000 charge, or after a quant trader watched a notebook strategy bleed real capital because the risk layer was never built. Every one of those calls is preventable with 90 minutes of reading. That is what these resources are for.

Each one is written like an internal document, not a sales sheet. The Build-vs-Buy Playbook walks through the same 12-factor scoring framework we use when scoping a custom build. The Pentest Checklist is the actual list of questions we wish every prospect asked before signing a statement of work — see also our web application pentest service. The 6-Week CRM Rollout Playbook is the operations document we hand a client on day one of a custom CRM build. The MVP to Production Playbook is the post-PMF SaaS map we wish someone had handed us in 2019.

The Stripe Integration Checklist is built for SaaS teams shipping a custom Stripe integration and will save you a weekend of customer-support fires if you follow it. The MITRE ATT&CK Maturity Worksheet is the self-assessment we walk security leads through before scoping a MITRE ATT&CK assessment or a full penetration test. Together they cover the four conversations that come up most often in our consulting work: build vs buy, security posture, payments, and operations tooling.

None of the resources are gated by anything more than an email address. We do not ask for company size, phone number, headcount, or budget. If you want to stay anonymous and grab the PDF, your email is the only field that is actually required. If you want a follow-up from William, reply to the confirmation email or jump straight into the contact form.

Who these are for

Founders & CTOs

You shipped an MVP, you have paying customers, and the next 90 days will decide whether the product survives its first enterprise procurement cycle. Start with the MVP to Production Playbook.

RevOps & Operations Leaders

You are losing the build-vs-buy argument with your CFO or staring at a Salesforce renewal that doubled. Start with Build vs Buy and the CRM Rollout Playbook.

Security Leads & vCISOs

You are scoping a pentest, answering a customer security questionnaire, or pricing a SOC 2 audit. Start with the Pentest Checklist and the MITRE ATT&CK Worksheet.

Skip the resource — talk to the founder.

If you already know which conversation you need, book a 20-minute scoping call. William Beltz answers every booking personally — no SDR, no chatbot, no automated funnel. Read more about QUANT LAB USA or browse recent client work, pricing, or the blog.